Computer Journal

site_sign.sh sends an e-mail when your site has a cryptographic error.
This is useful for detecting changes, intrusions, and mistakes.
There are three levels of testing:

Level 1: Check that remote page concurs with remote signature.
Level 1 ensures that someone has signed the file with a key that we have in our
public keyring. Level 1 ensures that if your page is changed, it is because of
an intended change and has been signed by the developer. Level 1 is not a
perfect guarantee of security, since an attacker whose key is in your public
keyring could sign the page with their key and Level 1 would pass.

Level 2: Check that the remote page has been signed with the correct key.
Level 2 fills the hole that Level 1 leaves: it ensures that the key ID of the
signature is the same as the one you expect. If an attacker has the same key ID
as you (unlikely), then Level 2 will be attackable.

Level 3: Check that the remote page has been signed with the local key.
Level 3 fills the gap that Levels 1 and 2 leave: it ensures that the page has
not changed since we updated the local signature. This is more involved than
the other levels because it requires you to update the remote server with the
signature every time you update the page.

REQUIREMENTS

This program requires Bash, GnuPG, Curl, and Mail. If you get errors saying
that -a doesn't exist, you're probably not using bash. Call site_sign.sh with
bash explicitly to get around this problem.

USAGE

gen_index_sig1.sh is the script that generates the signature for the index
file. It is terrifically simple:

gpg -a -b index.html

This creates a detached signature: index.html.asc
To pass Level 3, you need to run:

scp index.html.asc $REMOTE_SERVER:$TESTDIR/index.html.asc.local

Before it works you need to get the public key in your keyring.
If you're using the example of altsci.com, simply import jvoss.asc like this:
gpg --import jvoss.asc

You will _definitely_ need to edit the first 5 variables in site_sign.sh:

# TESTDIR is the directory to do the testing.
# You need write access.
TESTDIR=/home/jvoss/site_sign
# FILE is the remote file that you wish to test.
FILE=index.html
# SITE is the server that you wish to test.
SITE=http://www.altsci.com
# KEY is the Key ID that you wish to ensure in Level 2.
KEY=1954FED2
# EMAIL is the address that you wish to send an
# e-mail to when a compromise has been found.
EMAIL=jvoss@altsci.com
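
The three levels can be graded from GnuPG's machine-readable status output. The script below is an added example, not the original site_sign.sh: the function names are hypothetical, Level 3 is assumed to mean verifying the fetched page against the locally stored index.html.asc.local, and the status lines and fingerprints are constructed samples. It accepts the 8-digit KEY shown above, but passing the full 40-hex fingerprint makes the Level 2 match exact.

```shell
#!/usr/bin/env bash
# Added example (not the original site_sign.sh): grade the output of
#   gpg --status-fd 1 --verify SIG FILE 2>/dev/null
# against the three levels. Function names are hypothetical.

# sig_level STATUS EXPECTED_KEY -> prints 0, 1 or 2
sig_level() (
    status=$1
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    # Level 1 fails on any BADSIG/ERRSIG line or when no GOODSIG is present.
    if printf '%s\n' "$status" | grep -Eq '^\[GNUPG:] (BADSIG|ERRSIG) ' ||
       ! printf '%s\n' "$status" | grep -q '^\[GNUPG:] GOODSIG '; then
        echo 0; exit
    fi
    # VALIDSIG carries the signing key's full fingerprint as its first field.
    fpr=$(printf '%s\n' "$status" |
          awk '$2 == "VALIDSIG" { print toupper($3); exit }')
    # Level 2: suffix match, so an 8-hex key ID like KEY works; the full
    # 40-hex fingerprint makes the comparison exact.
    case $fpr in
        '') echo 1 ;;
        *"$expected") if [ -n "$expected" ]; then echo 2; else echo 1; fi ;;
        *) echo 1 ;;
    esac
)

# site_level REMOTE_STATUS LOCAL_STATUS EXPECTED_KEY -> prints 0..3
# REMOTE_STATUS: page checked against the signature fetched from the site.
# LOCAL_STATUS: page checked against index.html.asc.local (assumed Level 3).
site_level() (
    remote=$(sig_level "$1" "$3")
    if [ "$remote" -eq 2 ] && [ "$(sig_level "$2" "$3")" -eq 2 ]; then
        echo 3
    else
        echo "$remote"
    fi
)

# Constructed status lines, trimmed to the fields used; the fingerprints
# are made-up placeholders, not real keys.
GOOD_OURS='[GNUPG:] GOODSIG 89ABCDEF1954FED2 Constructed Signer
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF1954FED2 2024-01-01 1704067200'
GOOD_OTHER='[GNUPG:] GOODSIG 76543210DEADBEEF Other Keyring Member
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210DEADBEEF 2024-01-01 1704067200'
BAD='[GNUPG:] BADSIG 89ABCDEF1954FED2 Constructed Signer'

echo "remote and local signatures both ours: level $(site_level "$GOOD_OURS" "$GOOD_OURS" 1954FED2)"
```

Anything below the level you expect is the condition on which to send the alert e-mail.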

NEW IMPLEMENTATIONS

If you're using this for your own server, you'll need to use a key from your
own server. You need to export the public key and copy it to the destination
server.

ohai TheSkorm. I'd rather shit a brick than deal with your nasty gpg key. Kthxbai. Can haz irc. But sesrouily, I haven't seen you on much, and I'm on when it's 22:00-06:00 hours a lot so you have no excuse bub. Run spell check on your posts, it's bare not bear, unless you're into stuffed animals and are 6, then get with the program, you dolt!